invalid username or password for correct password and worker process exits on signal 6

[gustopn]

invalid username or password for...
worker process ... exited on signal 6
happens only when I am going over auth_digest.

[erikdubbelboer]

Is it possible for you to share the username and password so I can try to recreate the exact same situation? Also which browser and version of nginx are you using?

[gustopn]

Yes, it does not matter what password you use, you might take test and test123.
The version of NGINX was the FreeBSD ports one, so nginx-1.14.0_4,2.
And the passwd file was created by the supplied script. However,
I am not suspecting the password to be false. It fails somewhere where it should give back to NGINX worker process, there it crashes. As far as I see the module seems to be quite old and NGINX changed in the meantime, so there may be an incompatibility there.

[erikdubbelboer]

I just compiled the module into nginx-1.14.0 for Ubuntu and everything works fine there. The nginx module system really hasn't changed so it's not an incompatibility there.

I don't have access to a FreeBSD machine I'm afraid so I can't test that. Maybe it's some modification that only the BSD version has.

Is there any way you could get a stacktrace or something?

[gustopn]

Not today, but I may look into it sometime later and yes, that stacktrace idea would be a start.

[RvdE]

I have the same issue on FreeBSD 13.0-RELEASE.

Managed to get the following stacktrace:

Reading symbols from /usr/local/sbin/nginx...
[New LWP 1077745]
Core was generated by `nginx: worker process'.
Program terminated with signal SIGABRT, Aborted.
Sent by kill() from pid 82879 and user 80.
#0 kill () at kill.S:4
4 kill.S: No such file or directory.
(gdb) bt
#0 kill () at kill.S:4
#1 0x00000008008f79e0 in __fail (msg=) at /usr/src/lib/libc/secure/stack_protector.c:130
#2 0x00000008008f7950 in __stack_chk_fail () at /usr/src/lib/libc/secure/stack_protector.c:137
#3 0x000000080031ecc8 in ngx_http_auth_digest_evasion_tracking (r=r@entry=0x801b66050, alcf=, alcf@entry=0x8010f3af8, status=, status@entry=0)
at /wrkdirs/usr/ports/www/nginx/work/nginx-http-auth-digest-cd86418/ngx_http_auth_digest_module.c:1462
#4 0x000000080031d6e8 in ngx_http_auth_digest_handler (r=0x801b66050) at /wrkdirs/usr/ports/www/nginx/work/nginx-http-auth-digest-cd86418/ngx_http_auth_digest_module.c:289
#5 0x000000000027aa91 in ngx_http_core_access_phase (r=0x801b66050, ph=0x801b9b958) at src/http/ngx_http_core_module.c:1100
#6 0x000000000027a1a5 in ngx_http_core_run_phases (r=0x801b66050) at src/http/ngx_http_core_module.c:875
#7 ngx_http_handler (r=r@entry=0x801b66050) at src/http/ngx_http_core_module.c:858
#8 0x00000000002844aa in ngx_http_process_request (r=r@entry=0x801b66050) at src/http/ngx_http_request.c:2114
#9 0x00000000002b4100 in ngx_http_v2_run_request (r=0x801b66050) at src/http/v2/ngx_http_v2.c:3983
#10 0x00000000002b397a in ngx_http_v2_state_header_complete (h2c=0x801b19600, pos=0x801dd6785 "", end=0x801dd6785 "") at src/http/v2/ngx_http_v2.c:1916
#11 0x00000000002ae080 in ngx_http_v2_read_handler (rev=) at src/http/v2/ngx_http_v2.c:435
#12 0x000000000026c0c5 in ngx_kqueue_process_events (cycle=0x8010b0790, timer=, flags=1) at src/event/modules/ngx_kqueue_module.c:669
#13 0x0000000000261c8a in ngx_process_events_and_timers (cycle=cycle@entry=0x8010b0790) at src/event/ngx_event.c:247
#14 0x000000000026a71d in ngx_worker_process_cycle (cycle=0x8010b0790, data=) at src/os/unix/ngx_process_cycle.c:719
#15 0x0000000000268b7a in ngx_spawn_process (cycle=cycle@entry=0x8010b0790, proc=0x26a6b0 <ngx_worker_process_cycle>, data=0x6, name=0x21d015 "worker process", respawn=respawn@entry=7)
at src/os/unix/ngx_process.c:199
#16 0x00000000002698fa in ngx_reap_children (cycle=0x8010b0790) at src/os/unix/ngx_process_cycle.c:596
#17 ngx_master_process_cycle (cycle=cycle@entry=0x8010b0790) at src/os/unix/ngx_process_cycle.c:174
#18 0x0000000000240ff5 in main (argc=, argv=) at src/core/nginx.c:383

[erikdubbelboer]

Which version of nginx-http-auth-digest are you using? (there are no releases so which git hash?)
According to your stacktrace it crashed on:

nginx-http-auth-digest/ngx_http_auth_digest_module.c

Line 1462 in b3073ef

node->drop_time = ngx_time();

But it's impossible for node to be NULL at this point. So I'm wondering if you're running an older version or if something else happened.

[RvdE]

I looked into the ports distinfo (which stores the filenames, checksums, etc). and I think it's hash cd86418.

I'll see what happens if I use the latest available one. To be continued.

[RvdE]

hmm... that's basically the latest version, since there's only 1 commit newer than that which changes some documentation.

The crash happened on previous versions of FreeBSD as well, so I'm not sure what's going on. Seems to be a FreeBSD only issue :(

[erikdubbelboer]

How are you installing nginx-http-auth-digest? I'm unfamiliar with FreeBSD so I'm curious how a module like this is installed.